Intro

The patches we will be applying bring in KPTI (kernel page-table isolation), a Linux kernel feature that mitigates the Meltdown security vulnerability. The title of this post is therefore a misnomer - there are no Spectre patches yet, but by convention all three known variants of these vulnerabilities are jointly referred to as Meltdown/Spectre. I will update this post when this changes.

Updating the instance with the patched kernel

I will describe the steps based on an AWS instance running Ubuntu 14.04.5 LTS with the GNU/Linux 4.4.0-97-generic kernel prior to applying the patch.